Network security can be generally summarized as systems for controlling who can access what computing resources. For example, can a particular employee access a file with sensitive information? Will a software application or device with minimal built-in security safeguards be allowed to connect and retrieve data from a database?
A number of network security systems exist today in corporate environments. An exemplary system might provide outsiders with some low level of access to network resources, for example through web pages hosted by one or more web servers. For insiders, e.g., employees within the various corporate departments, user groups may be defined who have access to, and control over, the computing resources they need. For example, an accounting group may have access to spreadsheet programs and all accounting data, but may not have access to product development data, and furthermore may not have administrative control over network connection settings.
Network security administration in such a setting may be carried out by an Information Technology (IT) department with a number of highly trained professionals. The resources required by the IT department are justified by increased efficiency and loss prevention throughout the organization. In contrast, home networks and many other small business or less professionally managed networks, referred to herein as lightweight networks, may not have any network security. The lack of security in lightweight networks is a limiting factor in their development. Poor security erodes user confidence in allowing new devices to connect to their network, and in allowing operation of distributed applications.
Securing a lightweight network is difficult because there are fewer resources to devote to security procedures. Most home network owners, for example, don't want to manage or organize their network in any way. Furthermore, they don't like leaving a computer on twenty-four hours a day to act as an authentication machine. They also shun network security because they don't want to take the chance of a computer reboot or malfunction stopping some other process or device in the network. For example, if a home user in an electronically advanced home employed corporate-style network security, they would run the risk of interruption when watching a movie, because of a malfunctioning computer responsible for network security. Similarly, a security issue may render light controls or other systems unresponsive, which may demand immediate attention.
Another significant problem in providing usable network security for lightweight networks is that devices are continually entering, leaving, and rejoining the network. Devices are turned off, rebooted, brought to work, brought home, purchased and brought home for the first time, and so forth. Users do not want to endure any lengthy network configuration process each time such events occur. Moreover, users generally don't want to be forced to add users and explicitly restrict/enable permissions before using services in the lightweight network or adding a new device. Users may want to set security policies for specific areas, but normally after everything in the network is running properly, and not as a requirement.
In light of these various considerations in network security, there is a need for systems and methods that enhance network security in dynamic environments where computing devices may enter and leave the network, with little need for management or possibility of security-related failure.